EXIF metadata: what your photos reveal and how to strip it
What EXIF metadata embeds in your photos — device, timestamp, GPS coordinates — where it survives, where it gets stripped, and how to remove it safely.
英語版を表示しています。翻訳は準備中です。
Every photo your phone or camera writes is two things stacked in one file: the pixels, and a metadata block describing the conditions under which those pixels were captured. That metadata block is EXIF — Exchangeable Image File Format — and it sits alongside the image data, not inside it. The camera writes it automatically, most software preserves it silently, and most people never look at it. This post covers what EXIF stores, what it leaks, where it survives an upload and where it doesn't, and how to remove it without breaking the image.
What EXIF actually is
EXIF is a standard for embedding structured metadata in image files.
It is primarily defined for JPEG and TIFF, the two formats that
dominated when the spec was written. HEIC/HEIF — the default on
recent iPhones — carries equivalent metadata in its own container.
PNG is the notable exception: traditional PNG has no EXIF block and
uses its own text chunks (tEXt, iTXt) instead, though newer
revisions of the spec do define an optional eXIf chunk that some
tools now write. The practical takeaway: if you are worried about
metadata leaking, JPEG and HEIC are where it lives by default.
The block is written by the capturing device and then carried forward by anything that re-saves the file without explicitly discarding it. That persistence is the whole privacy story — the data outlives the moment of capture and travels with the file.
Common tags and what they reveal
| Tag | What it stores | What it reveals |
|---|---|---|
Make / Model |
Camera or phone manufacturer and model | The exact device used |
DateTimeOriginal |
Capture timestamp | When the photo was taken, often to the second |
GPSLatitude / GPSLongitude |
Geographic coordinates | Where it was taken — the privacy headline |
GPSAltitude |
Elevation | Floor of a building, sometimes |
LensModel |
Lens identifier | Equipment fingerprint |
FNumber / ExposureTime / ISO |
Aperture, shutter, sensitivity | Shooting settings |
Orientation |
Rotation flag (1–8) | How the viewer should rotate the image |
Software |
Editing application and version | Edit history hints |
| Embedded thumbnail | A small preview JPEG | Sometimes a pre-edit version of the image |
The GPS fields are the ones that matter for privacy. The thumbnail is the sleeper risk: some editors crop or redact the full-size image but leave the original embedded thumbnail untouched, so a "cropped" photo can still carry a small rendering of what was cropped out.
The privacy angle
The classic failure is a photo posted publicly that carries
GPSLatitude and GPSLongitude from the location it was shot. A
picture taken inside someone's home, posted to a forum or listing,
hands every reader the coordinates of that home. Plotting an image's
GPS tags on a map is a one-line operation, and it has been used to
deanonymize people who assumed a photo revealed nothing about where
they were. If you photograph at home and post the file as-is, you are
publishing your address.
DateTimeOriginal compounds it. Coordinates plus a precise timestamp
build a pattern-of-life record across a set of photos — where someone
is and when, repeated. No single tag is the whole problem; the
combination is.
Orientation is a different kind of hazard — not privacy but
correctness. The tag tells the viewer to rotate the displayed image
(portrait shots are often stored as landscape pixels with an
Orientation flag set). Software that honors the tag shows the photo
upright; software that ignores it shows it sideways or upside down.
This is why the same image looks correct in one app and rotated in
another, and why naively stripping EXIF can suddenly flip a photo on
its side.
Where EXIF survives and where it gets stripped
This is the part to treat with suspicion: behavior varies by platform and by how you send the file, and you should not assume.
Some patterns are reliable. Any operation that re-encodes the pixels into a fresh file — a screenshot, a "Save for web" export, resizing through most image pipelines — drops EXIF, because the new file is written without carrying the old metadata block. A screenshot of a photo has none of the original's EXIF.
Many social platforms strip EXIF on upload as a deliberate privacy measure, but not all, and behavior changes over time. Messaging apps are inconsistent: the same app often strips metadata when you send an image as a "photo" (which gets re-compressed) but preserves it when you send the same image as a "file" or "document" (which is delivered byte-for-byte). The safe model is: re-encoding or screenshotting removes EXIF; sending the original file may preserve it; everything in between varies, so verify rather than trust. The only way to know what a given file carries is to inspect it.
How to strip it
There are three practical approaches, and one ordering rule that matters.
Re-bake orientation first. Stripping EXIF removes the
Orientation tag along with everything else. If the image relied on
that tag to display upright, removing it leaves the raw — possibly
sideways — pixels. The correct sequence is to apply the rotation to
the actual pixel data first, then strip metadata, so the file is
upright on its own. Tools that "auto-orient" before exporting handle
this for you; tools that blindly delete the EXIF block do not.
With that in mind:
- Re-encode the image. Run it through an export or resize step that writes a fresh file. Our image resizer re-encodes in the browser, which drops the EXIF block as a side effect of producing a new file — convenient when you want a smaller, metadata-free copy at once.
- Use a metadata tool. Dedicated tools strip or selectively edit
EXIF (
exiftoolon the command line is the standard) — useful when you want to remove GPS but keep, say, copyright fields. - Use the platform's own option. Phone share sheets and OS photo apps increasingly offer a "remove location" toggle on export, which drops the GPS tags while leaving the rest. This is the least destructive choice when location is your only concern.
Stripping is irreversible. Once the block is gone it is gone; there is no undo short of going back to an original you kept. Keep an untouched master if the metadata has any value to you.
EXIF is not only a liability
The same data that leaks your location is what makes photo libraries
work. DateTimeOriginal is how apps sort and group your photos into
events. Make, Model, and the exposure fields let photographers
catalog and filter by gear. GPS tags power the map view in every photo
manager. Forensics and journalism rely on metadata to establish when
and where an image was captured. And the related IPTC and XMP blocks
that often ride alongside EXIF carry copyright, creator, and licensing
fields that photographers depend on for attribution.
The goal is not to delete everything reflexively — it is to know what a file carries and decide deliberately. Strip GPS before posting a photo from home; keep the timestamp and copyright on work you want credited.
Before you strip anything, look at what is actually there. Our EXIF viewer reads the full metadata block in your browser with nothing uploaded — drop in a file and you'll see the device, timestamp, GPS coordinates, and any embedded thumbnail before you decide what to remove.